I am trying to connect to public.dhe.ibm.com using z/OS FTP. No matter what I
do, the session fails with
FC1108 authServer: secure_socket_init failed with rc = 410 (SSL message format
is incorrect)
If I run a trace I can see what is happening. The client sends "AUTH TLS" which
is accepted with "234 AUTH TLS successful". The client sends a TLS CLIENT-HELLO
message (as it should) and expects a SERVER-HELLO in response. Instead the
server is sending a 550 response which the client is rejecting as "incorrect
format."
Thd-0 INFO send_v3_client_hello(): Sent V3 CLIENT-HELLO message
Thd-0 ASCII send_v3_client_hello(): V3 CLIENT-HELLO message
00000000: 0100003b 030163fc c486f8b3 7705f180 *...;..c.....w...*
00000010: ccf6642f 30e75935 0f2843c9 067bf5ff *..d/0.Y5.(C..{..*
00000020: 9714d670 d4940000 0e00ff00 35003800 *...p........5.8.*
00000030: 39002f00 32003301 00000400 170000 *9./.2.3........ *
Thd-0 INFO gsk_write_v3_record(): Calling write routine for 68 bytes
Thd-0 INFO gsk_write_v3_record(): 68 bytes written
Thd-0 INFO gsk_read_v3_record(): Calling read routine for 5 bytes
Thd-0 INFO gsk_read_v3_record(): 5 bytes received
Thd-0 ERROR gsk_read_v3_record(): Content Type 53 is not supported
Thd-0 ASCII gsk_read_v3_record(): SSL record header
00000000: 35353020 54 *550 T *
Thd-0 ERROR gsk_secure_socket_init(): SSL V3 client handshake failed with
170.225.126.67[21]
I say what the problem is not:
- It is not a firewall issue. Data is clearly flowing both directions
- It is not a certificate issue. No certificates have been exchanged at this
point
Can anyone tell me what IS going on? I am using fairly vanilla TLS FTP.DATA
statements. Does anyone have a set that works?
Thanks,
Charles
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
